02
Dec 20

Account Hijacking Site OGUsers Hacked, Again

For at least the third time in its existence, OGUsers — a forum overrun with people looking to buy, sell and trade access to compromised social media accounts — has been hacked.

An offer by the apparent hackers of OGUsers, offering to remove account information from the eventual database leak in exchange for payment.

Roughly a week ago, the OGUsers homepage was defaced with a message stating the forum’s user database had been compromised. The hack was acknowledged by the forum’s current administrator, who assured members that their passwords were protected with a password obfuscation technology that was extremely difficult to crack.

But unlike in previous breaches at OGUsers, the perpetrators of this latest incident have not yet released the forum database. In the meantime, someone has been taunting forum members, saying they can have their profiles and private messages removed from an impending database leak by paying between $50 and $100.

OGUsers was hacked at least twice previously, in May 2019 and again in March 2020. In the wake of both incidents, the compromised OGUsers databases were made available for public download.

The leaked databases have been useful in reconstructing who’s behind several high-profile incidents involving compromised social media accounts and virtual currency heists that leveraged SIM swapping, a crime that centers around convincing mobile phone company employees to transfer ownership of the target’s phone number to a device the attackers control.

For example, when several high-profile Twitter accounts were hacked in July 2020 and used to promote bitcoin scams, the profile and private message data from previous OGUser forum compromises proved invaluable in piecing together the “who” behind that scam.

The hacker handles featured in the defacement message left on OGUsers — “Chinese” and “Disco” — correspond to two nicknames used by banned OGUser members who have been trying to generate interest for their own forum that seeks to emulate OGUsers.

Disco, a.k.a. “Discoli” a.k.a. “Disco Dog,” is a young man from the United Kingdom who has marketed an automated bot program and service advertised as a way for customers to “cash out” illicit access to OneVanilla Visa prepaid card accounts using PayPal. The same individual also earlier this year founded a corporation in the U.K. called Disco Payments.

Reached via Twitter, Discoli said he and his friends hacked OGUsers via an outdated plugin used by the site. But he claims they have no plans to sell the stolen user data, and said the company was registered as a joke.

“I had a sort of feud with the administrator in the past but this one was more for fun,” Discoli said. “Not too interested in doing damage by releasing database or anything like that.”

As I noted the first time OGUsers got hacked, it’s difficult not to admit feeling a bit of schadenfreude in the continued exposure of a community that has largely specialized in hacking others. Or perhaps in the case of OGUsers, the sentiment may more aptly be described as “schadenfraud.”


36 comments

  1. Referring to Discoli as “The sane individual” is one of those typos that gets readers thinking 🙂

  2. Nice report, Brian!

    Good to hear that Discoli’s sanity is not in question, but can you provide a citation?

    “The sane individual also earlier this year founded a corporation in the U.K. called Disco Payments.”

  3. I gotta get out of jail, Omie is fucking everything up

  4. Gotta love these 2!!!

  5. Hello, Krebs! Great report. You mention the OneVanilla Visa gift cards, but this is actually a whole community of fraudsters. We would love to see you do a whole report on them, as it is easy to infiltrate their communications (use Telegram, group is https://t.me/thecommunitychat). They steal millions from people each year doing this, from what I can tell. In fact, they even phished my birthday present which was one of these cards!!!

    I think Discoli leads this community too.

    • Agreed! I was trying to buy a vanilla visa card from 7-11, and one of their sites stole my card! The message was “You just got beamed by banana boy”… I wonder what this means! Please check this community out, they steal my birthday gift!

      • Beamed means scammed, to beam is to scam. It’s a fairly new term that arose from the online gaming community, originally meaning “owned” as in laser sight dot headshot but later was evolved into its current context meaning to scam, mostly within the credential stuffing, handle collecting and hacking scenes.

    • Hello anon,

      I am indeed disco (li) and can assure you I don’t run that community nor affiliate with any of those public group chats filled with malicious characters.

      I mind my own business in my own corner of the internet and definitely do not run any active groups.

      Thanks!

    • Thank you for the $25 donation to Mike hawk

  6. Do you often stalk school students

  7. Hello I am an imfam0us OneVanilla community reseller. I have recently exit scammed because I hate black people!

  8. Disco dogs on top

  9. They hacked the website https://www.productreview.com.au/listings/only-1-gift-card stealing over $10million of stock, hence the bad reviews, as well as making 100+ bitcoin.

  10. join the discord boys

  11. They also reside in this chat, https://t.me/vanillacashoutchat
    They discuss the buying of onevanilla cards there.

  12. yeah, i actually own these chats. we do not do fraud. please stop saying we do.

  13. me n my homies love brian krebs!!! ok fr, bro brian stop being a retard.

  14. Rexia sexy female

    https://open.spotify.com/album/51Z7NkgMNNief91WBy2Qbu

    [Beginning – Yung Discoli]
    Yung Discoli making virtual mils
    I be straight getting chills
    All this illegal cash flow
    Spend it all on thrills
    Bingo is my card hookup
    Make more money than a grown up
    The honey so plump
    Call me lil pump

    [Verse 1 – Yung Discoli]
    This money ain’t clean
    But it sure buy supreme
    Imma go to your girls house
    Give her some cream
    We use some protection
    VPN guarding my connection
    Voted Donald Trump regarding the election
    Be poppin’ them pills, call it an injection

    [Verse 2 – Yung Discoli]
    I be picking up yo girl
    She gave me a wink
    I gave her a cool mint
    She told me I taste peppermint
    I said give us a mystery
    I ain’t no UberEats, but still
    Finna go home, give her that delivery
    I be workin’ in the industry

    [Sound Effect]

    I be sipping on that lean, here comes Lil Listerine

    [Verse 3 – Lil Listerine]
    Listerine, I’ve always been clean
    Call me an Athlete, cuz I’m always seen
    I ain’t fat but I always eat
    Discoli is pretty obscene
    I never sit in the backseat of the limousine
    Always got that vape on hold, it’s that nicotine
    Imma be chillin I’m always in the green
    I always have the magic but I ain’t no planet sheen
    Niggas think I’m looking like a meal, Kids Cuisine
    Gonna make them stacks, already bought my mom a house
    And I’m already chilling at the whorehouse, I ain’t black but I’m white enough to be both
    Just like Mickey Mouse
    I ain’t like Minnie, I don’t wear a blouse gonna pull an OJ and take yo’ spouse gonna take and invite her to my Clubhouse

  15. hack hack hack

  16. anyone got tmobile up?

  17. Boi, the trolls are out today…

  18. selling tmob targs, dm ne

  19. Hello I am a singer and someone in this community uses my name and picture to do these things. Also banana boi hates black people

  20. OGU is full of skiddies and low level plebs. I hope they leak the db to public again so I can dig through it.

  21. whats poppin ? homies? any $$$$?

  22. Looking for kawaii uwu owo type beat cat girls c:

  23. Shutting down thousands of schools? How does this guy differ from a terrorist? Recommendation: permanent Gitmo.

  24. Thanks for the update and quick reply. I’ll be sure to keep an eye on this thread. Looking for the same issue. Bumped into your thread. Thanks for creating it. Looking forward for solution.